package net.soevar.common;

import java.io.IOException;
import java.util.Date;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import net.soevar.database.hibernate.HibernateUtil;
import net.soevar.database.model.AthLogLogin;
import net.soevar.database.model.AthUser;

import org.hibernate.Session;
import org.hibernate.Transaction;
import org.hibernate.criterion.Restrictions;
import org.zkoss.spring.security.ui.ZkDisableSessionInvalidateFilter;


public class SecurityFilter extends ZkDisableSessionInvalidateFilter {

	public SecurityFilter() {
		super();
		// TODO Auto-generated constructor stub
	}

	@Override
	public void doFilter(ServletRequest arg0, ServletResponse arg1,
			FilterChain arg2) throws IOException, ServletException {
		// TODO Auto-generated method stub
		super.doFilter(arg0, arg1, arg2);

		if (arg0.getParameter("j_username") != null
				&& arg0.getParameter("j_password") != null
				&& !arg0.getParameter("j_username").trim().equals("")
				&& !arg0.getParameter("j_password").trim().equals("")) {

			String username = arg0.getParameter("j_username").trim();
			String password = Common.desEncrypter.encrypt(arg0.getParameter(
					"j_password").trim());
			Session session = HibernateUtil.currentNativeSession();

//			Mahasiswa mahasiswa = (Mahasiswa) session
//					.createCriteria(Mahasiswa.class)
//					.add(Restrictions.or(
//							Restrictions
//									.and(Restrictions.eq("userOrtu",
//											username.trim()),
//											Restrictions.and(
//													Restrictions
//															.isNotNull("userOrtu"),
//													Restrictions
//															.sqlRestriction("trim(this_.user_ortu) != ''"))),
//							Restrictions.eq("nim", username.trim())))
//					.setMaxResults(1).uniqueResult();
//			session.disconnect();
//			session.close();
//
//			if (mahasiswa == null) {
//				session = HibernateUtil.currentNativeSession();
				AthUser users = (AthUser) session.createCriteria(AthUser.class)
						.add(Restrictions.eq("userId", username))
						.setMaxResults(1).uniqueResult();

				AthLogLogin login = new AthLogLogin();
				login.setIp(arg0.getRemoteAddr());
				login.setKeterangan("");
				login.setLogin(new Date());
				login.setLogout(null);
				login.setNama(username);
				login.setAthuser(users);

				login.setHostname(arg0.getServerName());
				login.setSuccess_status(users != null
						&& users.getUserPassword() != null
						&& !users.getUserPassword().trim().equals("")
						&& users.getUserPassword().equals(password));
				login.setDescription(!login.getSuccess_status() ? "Pengguna ini mencoba mengakses sistem menggunakan password "
						+ arg0.getParameter("j_password").trim()
						+ ", namun gagal login"
						: "Pengguna berhasil login");
				//login.setDirubahTanggal(new Date());

				Transaction transaction = session.beginTransaction();
				session.save(login);
				transaction.commit();

				session.disconnect();
				session.close();
//			} else {
//				LogLogin login = new LogLogin();
//
//				login.setDosen(null);
//				login.setFakultas(mahasiswa.getJurusan() == null ? null
//						: mahasiswa.getJurusan().getFakultas());
//				login.setIp(arg0.getRemoteAddr());
//				login.setJurusan(mahasiswa.getJurusan());
//				login.setKeterangan("");
//				login.setLogin(new Date());
//				login.setLogout(null);
//				login.setMahasiswa(mahasiswa);
//				login.setNama(mahasiswa.getNim());
//				login.setTbmuser(null);
//
//				login.setHostname(arg0.getServerName());
//				login.setSuccess_status(mahasiswa.getPass() != null
//						&& !mahasiswa.getPass().trim().equals("")
//						&& mahasiswa.getPass().equals(password));
//
//				if (!login.getSuccess_status()) {
//					login.setSuccess_status(mahasiswa.getPassOrtu() != null
//							&& !mahasiswa.getPassOrtu().trim().equals("")
//							&& mahasiswa.getPassOrtu().equals(password));
//				}
//
//				login.setDescription(!login.getSuccess_status() ? "Mahasiswa ini mencoba mengakses sistem menggunakan password "
//						+ arg0.getParameter("j_password").trim()
//						+ ", namun gagal login"
//						: "Mahasiswa berhasil login");
//
//				session = HibernateUtil.currentNativeSession();
//				Transaction transaction = session.beginTransaction();
//				session.save(login);
//				transaction.commit();
//
//				session.disconnect();
//				session.close();
//			}

		}

	}

}